By Paessler Editorial Team • May 17, 2017
Why You Should Enable HTTPS on Your Website (Yes, Really. Keep Reading!)
Hacking scandals affect the lives of millions of people. Now attitudes are changing, and internet users are wiser to the potential misuse and abuse of their personal information. Now, they question the safety and security of their data.
According to a survey published in 'Die Zeit', half of the German population believes that businesses are 'not honest in the way they notify people of how their confidential data will be used'.
Survey respondents stated that in particular, credit card details and financial information, tax data, and information concerning their children are viewed as highly or particularly sensitive information. In a word: private.
No sensible person would consciously choose to send private information - such as a digital postcard - knowing that such risk of interception exists. But not everybody is aware of the scale of the risk of unsecured connections. Consider the elderly: how many pensioners consider https encryption when communicating across the internet? Likely, very few (just an idea...)
As shown in Die Zeit, consumer choice dictates that 'half the German population' is now less likely to transact across the internet using unsecured sites. The consequence of this mistrust equates to profound changes in consumer browsing and buying. Now, seven out of ten customers are 'uncomfortable' sharing their data with companies who cannot demonstrate a secure and ethical handling of their data.
Perhaps some businesses harbor naive hope of their customers continuing to browse and purchase on an 'open line'. But the facts show clearly that when offered the choice between a 'secure' or 'unsecure' connection, users feel safer using encryption. To strengthen this notion, Google has incorporated this trust-in-encryption into its search engine algorithms.
Security as a matter of honor
The SSL-Certificate as a way of building trust
Connections over HTTP are encrypted and secured via the SSL protocol. HTTPS prevents data from being captured on the way from the sender to the recipient (a 'man-in-the-middle' attack). User details, such as credit card information or private messages, can be secured in this way. They protect the privacy of your website visitors, as well as that of your employees.
The SSL Certificate that is required for encryption is issued by many different providers and is now affordable to small and medium-sized enterprises. Given the potential for lost sales from not possessing security, obtaining an SSL certificate is an undoubtedly worthwhile investment.
Perhaps soon, one that is essential.
You should also consider further measures to ensure that your customers feel secure: such as encrypting the data that you process and store on the server directly.
Provide as much security as possible. If your customers feel secure, they will be prepared to entrust you with their payment details. If they can trust you, they'll come back, and each time they come back, they'll likely recommend you to friends.
Use the opportunity to build trust!
The carrot and stick approach
How Google promotes encryption of your website
Google favors https when awarding positions in its search engine ranking. More precisely, https can decide whether your page appears in first or second place, or perhaps fifth or sixth. If the ranking is otherwise equal, Google will always prefer the competitor that uses https.
AMP (Accelerated Mobile Pages) also requires HTTPS. AMP is a technology that accelerates the time pages take to load on mobile devices. AMP-optimized pages load virtually instantly, and Google has declared AMP (and therefore https) to be one of its priorities for 2017.
A further change to the search algorithm is also suggested for the future: instead of the desktop version, as has been the case so far, mobile versions of pages could serve as Google's primary source. Https is also mentioned in the best practices: 'For example, if you don't support HTTPS yet then start by migrating to a secure site.' It seems very important to Google that you enable your users to connect securely.
Starting with its Chrome browser from Version 56, Google's plan is to label pages without an SHA2 SSL certificate with 'not secure' - right next to the URL. This first stage will affect HTTP web pages that transmit credit card information or passwords.
Later however, every HTTP page will be labeled as 'not secure' - first in Incognito Mode and following later in 'normal' mode.
Nobody should wait that long.
The sysadmin as a friend and helper
How to make an impression on your marketing department
As an admin, you can take these improvements to your marketing department and show them what can be achieved with an SSL certificate: from the Google ranking, through to AMP mobile technology.
HTTPS brings innumerable and obvious advantages but is not yet a magic potion. You will need to find your own bespoke formula for content in order to ensure maximum security.
But you'll be there, ensuring that your content reaches its intended target - your customers - while enjoying the benefits from regaining their trust.